CVE-2026-24590
Deferred Deferred - Pending Action
Missing Authorization in VideoWhisper Paid Videochat

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: Patchstack

Description
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-24590
EUVD
EUVD-2026-31806
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
videowhisper paid_videochat_turnkey_site to 7.3.23 (inc)
patchstack wordpress_paid_videochat_turnkey_site_plugin to 7.3.23 (inc)
patchstack wordpress_paid_videochat_turnkey_site_plugin 7.3.24
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability is a Missing Authorization issue that allows unauthenticated users to perform actions requiring higher privileges due to broken access control.

Such broken access control can lead to unauthorized access to sensitive data or functionality, which may impact compliance with standards and regulations like GDPR or HIPAA that require strict access controls to protect personal or sensitive information.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Executive Summary

CVE-2026-24590 is a Broken Access Control vulnerability in the WordPress Paid Videochat Turnkey Site Plugin, versions 7.3.23 and below.

It occurs due to missing authorization checks, which allows unauthenticated users to perform actions that normally require higher privileges.

This means that users without proper permissions can exploit incorrectly configured access control security levels to access or perform restricted operations.

Impact Analysis

This vulnerability can allow unauthorized users to perform privileged actions on affected websites using the Paid Videochat Turnkey Site Plugin.

While the vulnerability is considered low severity with a CVSS score of 5.3 and is unlikely to be exploited individually, it poses a risk in mass-exploit campaigns targeting thousands of websites.

If exploited, it could lead to unauthorized access or manipulation of site features that should be restricted, potentially compromising the integrity of the site.

Mitigation Strategies

To mitigate the vulnerability in the WordPress Paid Videochat Turnkey Site Plugin (CVE-2026-24590), you should immediately update the plugin to version 7.3.24 or later.

If updating immediately is not possible, seek assistance from your hosting provider or developer to apply necessary patches or workarounds.

Consider enabling auto-update features provided by Patchstack to ensure the plugin remains up to date and protected against this and similar vulnerabilities.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24590. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart